
===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2017.0153
  Multiple vulnerabilities have been identified in Tenable SecurityCenter
                             21 September 2017

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Tenable SecurityCenter
Operating System:     Linux variants
Impact/Access:        Denial of Service        -- Remote/Unauthenticated
                      Access Confidential Data -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
CVE Names:            CVE-2017-11147 CVE-2017-11146 CVE-2017-11145
                      CVE-2017-11144 CVE-2017-11143 CVE-2017-11142
                      CVE-2017-7890  
Member content until: Saturday, October 21 2017
Reference:            ESB-2017.2174
                      ESB-2017.2027

Comment: CVE-2017-11146 has been rejected by the source. [2]

OVERVIEW

        Multiple vulnerabilities have been identified in Tenable 
        SecurityCenter versions 5.3.2, 5.4.0, 5.4.2, 5.4.5, 5.5.0, and 
        5.5.1. [1]


IMPACT

        Tenable have provided the following details regarding the 
        vulnerabilities:
        
        "Tenable has released updates for SecurityCenter 5.3.2, 5.4.0, 
        5.4.2, 5.4.5, 5.5.0, and 5.5.1 to bring the version of PHP included
        with them to 5.6.31.
        
        PHP 5.6.31 addresses multiple vulnerabilities:
        
        CVE-2017-11142:
        
        In PHP before 5.6.31, 7.x before 7.0.17, and 7.1.x before 7.1.3, 
        remote attackers could cause a CPU consumption denial of service 
        attack by injecting long form variables, related to 
        main/php_variables.c.
        
        CVE-2017-11143:
        
        In PHP before 5.6.31, an invalid free in the WDDX deserialization of
        boolean parameters could be used by attackers able to inject XML for
        deserialization to crash the PHP interpreter, related to an invalid
        free for an empty boolean element in ext/wddx/wddx.c.
        
        CVE-2017-11144:
        
        In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, the
        openssl extension PEM sealing code did not check the return value of
        the OpenSSL sealing function, which could lead to a crash of the PHP
        interpreter, related to an interpretation conflict for a negative 
        number in ext/openssl/openssl.c, and an OpenSSL documentation 
        omission.
        
        CVE-2017-11145:
        
        In PHP before 5.6.31, 7.x before 7.0.21, and 7.1.x before 7.1.7, 
        lack of a bounds check in the date extension's timelib_meridian 
        parsing code could be used by attackers able to supply date strings
        to leak information from the interpreter, related to an 
        ext/date/lib/parse_date.c out-of-bounds read affecting the 
        php_parse_date function.
        
        CVE-2017-11146:
        
        In PHP through 5.6.31, 7.x through 7.0.21, and 7.1.x through 7.1.7,
        lack of bounds checks in the date extension's timelib_meridian 
        parsing code could be used by attackers able to supply date strings
        to leak information from the interpreter, related to 
        ext/date/lib/parse_date.c out-of-bounds reads affecting the 
        php_parse_date function. NOTE: this vulnerability exists because of
        an incomplete fix for CVE-2017-11145.
        
        CVE-2017-11147:
        
        In PHP before 5.6.30 and 7.x before 7.0.15, the PHAR archive handler
        could be used by attackers supplying malicious archive files to 
        crash the PHP interpreter or potentially disclose information due to
        a buffer over-read in the phar_parse_pharfile function in 
        ext/phar/phar.c.
        
        CVE-2017-7890:
        
        PHP 'gd_gif_in.c' Memory Corruption Vulnerability
        
        Please refer to the PHP 5.6.31 release notes for more information." [1]


MITIGATION

        Tenable recommends upgrading to the latest version to address these
        issues. [1]
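
        The following Python check is an added example, not code from
        Tenable or AusCERT. It maps a PHP version string (for instance the
        first line of `php -v` output) to the CVEs above whose stated fix
        thresholds it predates. Assumptions: "7.x before 7.0.N" is read as
        the 7.0 branch, and the function names are illustrative.

```python
import re

# First fixed release per PHP branch, as quoted in the bulletin.
# Branch "5" covers "PHP before X"; "7.x before 7.0.N" is read as the
# 7.0 branch (assumption). CVE-2017-11146 is omitted because it was rejected.
FIXED_IN = {
    "CVE-2017-11142": {"5": "5.6.31", "7.0": "7.0.17", "7.1": "7.1.3"},
    "CVE-2017-11143": {"5": "5.6.31"},
    "CVE-2017-11144": {"5": "5.6.31", "7.0": "7.0.21", "7.1": "7.1.7"},
    "CVE-2017-11145": {"5": "5.6.31", "7.0": "7.0.21", "7.1": "7.1.7"},
    "CVE-2017-11147": {"5": "5.6.30", "7.0": "7.0.15"},
}
# Listed in the bulletin without a version range; check the release notes.
UNRATED = ["CVE-2017-7890"]


def parse_version(text):
    """Extract (major, minor, patch) from '5.6.30' or a `php -v` banner."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no PHP version found in {text!r}")
    return tuple(int(g) for g in m.groups())


def open_cves(version_text):
    """Return the bulletin CVEs whose fix threshold this version predates."""
    ver = parse_version(version_text)
    branch = "5" if ver[0] <= 5 else f"{ver[0]}.{ver[1]}"
    hits = []
    for cve, fixes in sorted(FIXED_IN.items()):
        fixed = fixes.get(branch)  # None: bulletin states no range here
        if fixed and ver < parse_version(fixed):
            hits.append(cve)
    return hits


def assess(version_text):
    """Summarise one host: parsed version, open CVEs, CVEs with no range."""
    ver = parse_version(version_text)
    return {"version": ".".join(map(str, ver)),
            "open": open_cves(version_text),
            "unrated": list(UNRATED)}


if __name__ == "__main__":
    # Constructed sample inputs, not captured from a real host.
    for banner in ("PHP 5.6.30 (cli) (built: constructed)", "5.6.31"):
        print(assess(banner))
```
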


REFERENCES

        [1] [R1] SecurityCenter 5.3.2, 5.4.0, 5.4.2, 5.4.5, 5.5.0, and 5.5.1
            Fixes Multiple Vulnerabilities
            http://www.tenable.com/security/tns-2017-12

        [2] CVE-2017-11146 Detail
            https://nvd.nist.gov/vuln/detail/CVE-2017-11146

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================